Class: AwsSession

Inherits:
Object
  • Object
show all
Defined in:
lib/awssession.rb,
lib/awssession/version.rb

Overview

AWS Session creation with profile Structure of options 

'name' => <name>,
'region' => <region>
'role_arn' => <role_arn>
'aws_access_key_id' => <aws_access_key_id>
'aws_secret_access_key' => <aws_secret_access_key>
'mfa_serial' => <mfa_serial>

Can be fetched with AWSConfig if .aws/config

Constant Summary collapse

VERSION = 
'0.2.2'.freeze

Instance Method Summary collapse

Constructor Details

#initialize(options) ⇒ AwsSession

Returns a new instance of AwsSession.



20
21
22
23
24
25
26
27
 
# File 'lib/awssession.rb', line 20

def initialize(options)
  @profile = options[:profile]
  @sts_lifetime = options[:sts_lifetime] || 129_600
  @sts_filename = options[:sts_filename] || "#{@profile.name}_aws-sts-session.yaml"
  @role_lifetime = options[:role_lifetime] || 3_600
  @role_filename = options[:role_filename] || "#{@profile.name}_aws-role-session.yaml"
  @session_save_path = options[:session_save_path] || "#{Dir.home}/.aws/cache"
end

Instance Method Details

#assume_roleObject 



93
94
95
96
97
98
99
100
101
102
103
104
 
# File 'lib/awssession.rb', line 93

def assume_role
  sts_client = Aws::STS::Client.new(
    access_key_id: @sts_session.credentials.access_key_id,
    secret_access_key: @sts_session.credentials.secret_access_key,
    session_token: @sts_session.credentials.session_token
  )
  @role_session = sts_client.assume_role(
    duration_seconds: @role_lifetime,
    role_arn: @profile.role_arn,
    role_session_name: 'mysession'
  )
end

#create_sessionObject 



63
64
65
66
67
68
69
70
71
72
 
# File 'lib/awssession.rb', line 63

def create_session
  if @role_session.nil? && @sts_session.nil?
    read_token_input
    sts_session_token
    save_session @sts_filename, @sts_session
  end
  return unless @role_session.nil?
  assume_role
  save_session @role_filename, @role_session
end

#credentialsObject 



111
112
113
 
# File 'lib/awssession.rb', line 111

def credentials
  Aws::Credentials.new(*session_credentials)
end

#load_role_sessionObject 



39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/awssession.rb', line 39

def load_role_session
  @role_session = YAML.load_file("#{@session_save_path}/#{@role_filename}") # Load
  if Time.now > @role_session.credentials.expiration
    # or soooooooon !
    puts 'Role session credentials expired. Removing obsolete role session file'
    @role_session = nil
    File.delete("#{@session_save_path}/#{@role_filename}")
  else
    puts 'Found valid role session credentials.'
  end
end

#load_sessionObject 



34
35
36
37
 
# File 'lib/awssession.rb', line 34

def load_session
  load_role_session if File.file?("#{@session_save_path}/#{@role_filename}")
  load_sts_session if @role_session.nil? && File.file?("#{@session_save_path}/#{@sts_filename}")
end

#load_sts_sessionObject 



51
52
53
54
55
56
57
58
59
60
61
 
# File 'lib/awssession.rb', line 51

def load_sts_session
  @sts_session = YAML.load_file("#{@session_save_path}/#{@sts_filename}") # Load
  if Time.now > @sts_session.credentials.expiration
    # or soooooooon !
    puts 'STS session credentials expired. Removing obsolete sts session file'
    @sts_session = nil
    File.delete("#{@session_save_path}/#{@sts_filename}")
  else
    puts 'Found valid sts session credentials.'
  end
end

#read_token_inputObject 



74
75
76
77
78
79
 
# File 'lib/awssession.rb', line 74

def read_token_input
  print 'Enter AWS MFA token: '
  @token_code = STDIN.noecho(&:gets)
  @token_code.chomp!
  puts ''
end

#save_session(file, session) ⇒ Object 



106
107
108
109
 
# File 'lib/awssession.rb', line 106

def save_session(file, session)
  FileUtils.mkdir_p(@session_save_path)
  File.open("#{@session_save_path}/#{file}", 'w') { |f| f.write session.to_yaml }
end

#session_credentialsObject 



115
116
117
118
119
120
121
 
# File 'lib/awssession.rb', line 115

def session_credentials
  [
    @role_session.credentials.access_key_id,
    @role_session.credentials.secret_access_key,
    @role_session.credentials.session_token
  ]
end

#startObject 



29
30
31
32
 
# File 'lib/awssession.rb', line 29

def start
  load_session
  create_session
end

#sts_session_tokenObject 



81
82
83
84
85
86
87
88
89
90
91
 
# File 'lib/awssession.rb', line 81

def sts_session_token
  sts_client = Aws::STS::Client.new(
    access_key_id: @profile.aws_access_key_id,
    secret_access_key: @profile.aws_secret_access_key
  )
  @sts_session = sts_client.get_session_token(
    duration_seconds: @sts_lifetime,
    serial_number: @profile.mfa_serial,
    token_code: @token_code
  )
end